The Internet of Things is talked about a lot and many people are unsure what it really is, but at DEF CON 23 this summer in Las Vegas, that should become a lot more clear as attendees compete to hack IoT devices.

“Pwning IoT via Hardware Attacks” is a competition starting this year as part of IoT Village, a new sector of the conference focusing on security of proliferating device such as sensors, meters, industrial controls and smart appliances.

As part of the village attendees can enter their successful compromises against IoT devices in an attempt to win prizes. The entries will be judged on the severity of the compromise – how thoroughly a machine is taken over – and how it can be accessed, such as remotely or without being detectable, says Chase Schultz, a security researcher for Independent Security Evaluators (ISE), which is organizing the competition.

Chase Schultz

The hope is that the competition will promote more consideration being given to security in the design of IoT devices, he says. “There’s still a lot of work to be doing before consumers go full on with adoption of IoT devices,” Schultz says.

The competition will all be conducted under principles of responsible disclosure under which vendors will be notified of the vulnerabilities that are exploited to give them a chance to fix them before they are publicly revealed.

Schultz entered a similar competition at DEF CON last year called SOHOplessly Broken and did well enough hacking wireless routers that he caught the eye of ISE, which offered him a job. SOHOpelessly Broken was directed at SOHO routers for which 56 zero-day vulnerabilities were already known. The competition turned up 15 more, says Ted Harrington, executive director of ISE.

He says security of IoT devices should be a great concern because there is so much enthusiasm for the devices, but so little focus on securing them. “Security is not a priority. It glosses over the fact that IoT brings with it tremendous security impact, and health, safety and privacy issues,” Harrington says. “This is a tsunami that’s going to come crashing down soon.”

This story, "DEF CON: Come hack the Internet of Things " was originally published by
Network World.